package com.example.mtblog.security;



import com.example.mtblog.common.data;
import com.example.mtblog.common.filter.TokenFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.EnableMBeanExport;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.FilterChainBeanDefinitionParser;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.DefaultSecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;


@EnableMBeanExport
@Configuration
public class WebSecurityConfig {


    @Autowired
    FailureCrossing failureCrossing; //权限认证失败入口

    @Autowired
    private AuthenticationConfiguration authenticationConfiguration;


    //设置白名单
    public String [] getWhiteList(String baseUrl , String [] list){
        for (int i = 0; i <list.length ; i++) {
            list[i] = baseUrl  + list[i] ;
        }
        return  list;
    }

    //不需要登录


    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }





    @Bean
    protected DefaultSecurityFilterChain defaultSecurityFilterChain(HttpSecurity httpSecurity) throws Exception {
        httpSecurity
                // CSRF禁用，因为不使用session
                .csrf(AbstractHttpConfigurer::disable)
                //认证失败处理类（不合法接口|没有权限）
                .exceptionHandling(e-> e.authenticationEntryPoint(failureCrossing))
                // 过滤请求
                .authorizeHttpRequests( auth -> auth
                        .requestMatchers(data.WhiteList).permitAll()
                        .requestMatchers(data.AdminList).permitAll()
                        .requestMatchers(data.UserList).permitAll()
                        .anyRequest().authenticated())
                .httpBasic(Customizer.withDefaults())
                //先走权限认证 再走过滤器
                 .addFilterBefore(new TokenFilter(), UsernamePasswordAuthenticationFilter.class);
        return httpSecurity.build();

    }







    /**
     * 解决 无法直接注入 AuthenticationManager
     *
     * @return
     * @throws Exception
     */
    @Bean
    public AuthenticationManager authenticationManager() throws Exception{
        return authenticationConfiguration.getAuthenticationManager();
    }

}
